Bond Plugin¶
The bond-cni plugin provides a method for aggregating multiple network interfaces into a single logical “bonded” interface.
To add a bonded interface to a container, a network attachment definition of
type bond
must be created and added as a network annotation in the pod
specification. The bonded interfaces can either be taken from the host or
container based on the value of the linksInContainer
parameter in the
network attachment definition.
For more information on network attachment definitions and how to apply them, see Add an Additional Network Interface to a Container.
For more information on the Bond CNI plugin, see:
https://github.com/k8snetworkplumbingwg/bond-cni
The general bonding CNI configuration parameters are:
name
(
string
, required): The name of the network.type
(
string
, required):bond
ifname
(
string
, optional): The name of the bond interface that will be created in the container.miimon
(
int
, required): Specifies the ARP link monitoring frequency in milliseconds.mode
(
string
, required): Specifies the mode of the bonding interface (one ofactive-backup
,balance-xor
,broadcast
,802.3ad
,balance-tlb
,balance-alb
).mtu
(
int
, optional): The MTU of the bond. The default is 1500.failOverMac
(
int
, optional): Specifies thefailOverMac
setting for the bond. Should be set to 1 for active-backup bond modes. Default is 0.linksInContainer
(
boolean
, optional): Specifies whether slave links are in the container to start. Default isfalse
, that is, look for interfaces on host before bonding.links
(
dictionary
, required): Master interface names.ipam
(
dictionary
, required): IPAM configuration to be used for this network, The mode can be one of:static
,host-local
,dhcp
, orcalico-ipam
.
For more information on each mode, miimon
, and failOverMac
behavior,
see:
https://www.kernel.org/doc/Documentation/networking/bonding.txt
Example: Launch a daemonset Bonding Two Host Interfaces in Active-backup mode¶
The following example launches a daemonset bonding two host interfaces in
active-backup mode. Since the linksInContainer
value is not set (default),
the links list indicates the interfaces should be looked up on the host.
---
apiVersion: crd.projectcalico.org/v1
kind: IPPool
metadata:
name: mypool
spec:
cidr: "10.10.20.0/24"
ipipMode: "Never"
natOutgoing: True
---
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: bond0
spec:
config: '{
"cniVersion": "0.3.1",
"name": "bond0",
"type": "bond",
"ifname": "net1",
"mode": "active-backup",
"miimon": "100",
"failOverMac": 1,
"links": [
{
"name": "eth1000"
},
{
"name": "eth1001"
}
],
"ipam": {
"type": "calico-ipam",
"assign_ipv4": "true",
"ipv4_pools": ["mypool"]
},
"kubernetes": {
"kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
},
"datastore_type": "kubernetes"
}'
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: bonding
namespace: default
labels:
tier: node
spec:
selector:
matchLabels:
tier: node
template:
metadata:
labels:
tier: node
app: bonding
annotations:
cni.projectcalico.org/ipv4pools: '["default-ipv4-ippool"]'
k8s.v1.cni.cncf.io/networks: '[
{ "name": "bond0" }
]'
spec:
containers:
- name: bonding1
image: centos/tools
imagePullPolicy: IfNotPresent
command: [ "/bin/bash", "-c", "--" ]
args: [ "while true; do sleep 300000; done;" ]
securityContext:
capabilities:
add:
- NET_ADMIN
Note
When a bond is configured in the container, interfaces are obtained from the host network namespace and placed in a bonded interface in the container network namespace. Therefore, it is not recommended to use interfaces from the host that are assigned to the platform networks.
Example: Launch a Pod With a Bonded SR-IOV Interface in 802.3ad (LACP) Mode¶
The following example launches a pod with a bonded SR-IOV interface in
802.3ad (LACP) mode. Since the linksInContainer
value is true
, the
defined links are made up of the net1
and net2
interfaces representing
the individual SR-IOV interfaces.
The addition of "spoofchk": "off"
in the pci_sriov_net_group0_data0
config
block ensures that applications within the container have
permission to change the MAC address of the VF.
---
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: sriov0
annotations:
k8s.v1.cni.cncf.io/resourceName: intel.com/pci_sriov_net_group0_data0
spec:
config: '{
"cniVersion": "0.3.1",
"type": "sriov",
"vlan": 1350
"spoofchk": "off"
}'
---
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: sriov1
annotations:
k8s.v1.cni.cncf.io/resourceName: intel.com/pci_sriov_net_group0_data1
spec:
config: '{
"cniVersion": "0.3.1",
"type": "sriov",
"vlan": 1350
"spoofchk": "off"
}'
---
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: bond0
spec:
config: '{
"cniVersion": "0.3.1",
"name": "bond0",
"ifname": "bond0",
"type": "bond",
"mode": "802.3ad",
"miimon": "100",
"linksInContainer": true,
"links": [
{
"name": "net1"
},
{
"name": "net2"
}
],
"ipam": {
"type": "static",
"addresses": [{
"address": "192.168.0.1/24"}]
}
}'
---
apiVersion: v1
kind: Pod
metadata:
name: bond0
annotations:
k8s.v1.cni.cncf.io/networks: '[
{ "name": "sriov0" },
{ "name": "sriov1" },
{ "name": "bond0" }
]'
spec:
restartPolicy: Never
containers:
- name: bond0
image: centos/tools
imagePullPolicy: IfNotPresent
command: [ "/bin/bash", "-c", "--" ]
args: [ "while true; do sleep 300000; done;" ]
securityContext:
capabilities:
add:
- NET_ADMIN
resources:
requests:
intel.com/pci_sriov_net_group0_data0: '1'
intel.com/pci_sriov_net_group0_data1: '1'
limits:
intel.com/pci_sriov_net_group0_data0: '1'
intel.com/pci_sriov_net_group0_data1: '1'